Jump to content

Locked XSRFProbe v2.1 CSRF Scanner


Recommended Posts


XSRF Probe

XSRF Probe is an advanced Cross Site Request Forgery Audit Toolkit equipped with Powerful Crawling and Intelligent Token Generation Capabilities.
Some Features:

     Performs several types of checks before declaring an endpoint as vulnerable.
     Can detect several types of Anti-CSRF tokens in POST requests.
     Works with a powerful crawler which features continuous crawling and scanning.
     Out of the box support for custom cookie values and generic headers.
     Accurate Token-Strength Detection and Analysis using various algorithms.
     Can generate both normal as well as maliciously exploitable CSRF proof of concepts.
     Well documented code and highly generalised automated workflow.
     The user is in control of everything whatever the scanner does.
     Has a user-friendly interaction environment with full verbose support.
     Detailed logging system of errors, vulnerabilities, tokens and other stuffs.

The Workflow:

The typical workflow of this scanner is :-

    Spiders the target website to find all pages.
    Finds all types of forms present on the each page.
    Hunts out hidden as well as visible parameter values.
    Submits each form with normal tokens & parameter values.
    Generates random token strings and sets parameter values.
    Submits each form with the crafted tokens.
    Finds out if the tokens are sufficiently protected.
    Generates custom proof of concepts after each successful bug hunt.

Changelog v2.1

    Some significant changes in this version:

        XSRFProbe now available as a package (aka can be installed via pip).
        Added full support of cookies while making requests.
        Fixed form-type bugs and added email type checks.
        Tweaked some modules for accuracy in CSRF detections.
        Major bug fixes removing support for build_opener libraries.
        Huge code optimizations (cleaning and stuff).

This is the hidden content, please


Link to comment
Share on other sites

This topic is now closed to further replies.
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.